Senior Threat Intelligence Researcher (US Remote)

Sorry, this job was removed at 10:14 a.m. (CST) on Thursday, Jan 09, 2025
Hiring Remotely in Atlanta, GA
In-Office or Remote
Artificial Intelligence • Big Data • Cloud • Software • Cybersecurity
The Role

Company Description

Anomali is headquartered in Silicon Valley and is the Leading AI-Powered Security Operations Platform that is modernizing security operations. At the center of it is an omnipresent, intelligent, and multilingual Anomali Copilot that automates important tasks and empowers your team to deliver the requisite risk insights to management and the board in seconds. The Anomali Copilot navigates a proprietary cloud-native security data lake that consolidates legacy attempts at visibility and provides first-in-market speed, scale, and performance while reducing the cost of security analytics. Anomali combines ETL, SIEM, XDR, SOAR, and the largest repository of global intelligence in one efficient platform. Protect and drive your business with better productivity and talent retention.


Do more with less. Be Different. Be the Anomali.

Learn more at http://www.anomali.com.


Job Description

Anomali is seeking a Senior Threat Intel Researcher to join our growing Intelligence team. In this role, you will lead efforts to track, analyze, and classify data from cybercriminal underground ecosystems to uncover actionable threat intelligence that directly supports the evolution of Anomali’s products and capabilities. This role focuses on research and technical collection.

As a key contributor to Anomali’s Intelligence team, you will employ operational security (OPSEC) tradecraft to investigate underground cybercriminal economies and develop tools and methodologies. You will work collaboratively across internal teams to ensure your findings inform the development of our cutting-edge security solutions.

This role is ideal for a technically proficient, highly motivated individual with deep experience in cyber threat intelligence and a proven ability to work independently in a fast-paced, research-driven environment.


Responsibilities


• Threat Research and Collection: Conduct proactive investigations into cybercriminal underground economies, hidden sites, and forums of interest to identify emerging threats.

• Emerging Operations and Trend Analysis: Identify emerging operations and trends by conducting extensive research into cyber, physical, and information-related threat activity. Provide actionable communications, countermeasures, and recommendations for decision-makers with minimal oversight.

• Data Organization and Analysis: Use a Threat Intelligence Platform (TIP) to collect, organize, correlate, and analyze cyber threat data from various sources to extract relevant and timely indicators for near real-time sharing.

• Trend and Impact Assessment: Implement data analysis practices to assess trends and patterns in cyber, physical, and information operations networks, aiding in the determination of potential and expected impacts.

• Technical Threat Analysis: Conduct in-depth analysis of malicious and suspicious code to understand the nature of threats and extract unique attributes for proactive defense.

• Actor Profiling: Identify, monitor, track, and catalog threat actors, their ideologies, and tactics by leveraging commercial and open-source intelligence collection tools.

• Analysis Presentation: Generate briefing materials, written products, and simple graphics to convey analysis verbally and in writing to key stakeholders.

• Data Analysis and Classification: Lead the acquisition, monitoring, and analysis of raw data, turning unstructured information into actionable intelligence.

• Tool and Process Development: Design, implement, and maintain tools and services for secure data collection, extraction, and analysis.

• OPSEC and Tradecraft: Apply and refine secure operational tradecraft principles to ensure the integrity of research operations.

• Collaboration: Work with cross-functional teams, including Intelligence, Product, and Engineering, to integrate research findings into Anomali’s platform.

• APIs and Integration: Develop and utilize APIs for system integration and advanced data retrieval to enhance Anomali’s intelligence capabilities.


Qualifications

Specific Experience required to be successful in this role:


• Bachelor’s degree or an additional 3 years of experience in Cybersecurity, Computer Science, Data Science, Intelligence Studies, or relevant work, in lieu of degree.

• 4+ years of professional experience in cyber threat intelligence, open-source intelligence, or information security.

• Proven ability to design, implement, and interact with RESTful and other API types for data retrieval and integration.

• Deep understanding of technical terminology, tools, and tactics used by state-backed and cybercriminal adversaries.

• Experience navigating and analyzing large, unstructured datasets.

• Comprehensive knowledge of operational security (OPSEC) principles and best practices.

• Ability to work collaboratively in a remote team environment across different time zones.

This position is not eligible for employment visa sponsorship. The successful candidate must not now, or in the future, require visa sponsorship to work in the US.


Preferred Skills/Experience


• Additional language expertise (e.g., Russian, Mandarin, Spanish, Farsi, Arabic, Japanese, French).

• Background in the intelligence community or cyber threat intelligence research.

• Demonstrated engagement in the security or academic research communities, or open-source software development.

• Formal intelligence analysis training.

• Familiarity with building and deploying tools for internal use by research teams.

• Certifications in related areas (e.g., GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc.).

• Basic knowledge of programming/scripting languages (Python, Bash, Perl, C/C++, or JavaScript) and Structured Query Language (SQL).


Why Join Us

This is a unique opportunity to shape the future of cybersecurity research and intelligence within a dynamic, fast-growing organization. At Anomali, you will play a critical role in uncovering emerging threats and ensuring our products remain at the forefront of the cybersecurity industry. Join us and be part of a team that is redefining security operations for organizations worldwide.


Equal Opportunities Monitoring

It is our policy to ensure that all eligible persons have equal opportunity for employment and advancement on the basis of their ability, qualifications and aptitude. We select those suitable for appointment solely on the basis of merit without regard to an individual's disability, race, color, religion, sex, sexual orientation, gender identity, national origin, age, or status as a protected veteran. Monitoring is carried out to ensure that our equal opportunity policy is effectively implemented. 


If you are interested in applying for employment with Anomali and need special assistance or accommodation to apply for a posted position, contact our Recruiting team at [email protected].



The Company
HQ: Redwood City, CA
248 Employees
Year Founded: 2013

What We Do

Anomali is the leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions. Anchored by big data management and refined by artificial intelligence, the Anomali XDR platform delivers proprietary capabilities that correlate the largest repository of global intelligence with telemetry from customer-deployed security solutions, empowering security operations teams to detect threats with precision, optimize response, achieve resiliency, and stop attackers and breaches. Our SaaS-based solutions easily integrate into existing security tech stacks through native cloud, multi-cloud, on-premises, and hybrid deployments. Founded in 2013, Anomali serves public and private sector organizations, ISACs, MSSPs, and Global 1000 customers around the world in every major industry. Leading venture firms including General Catalyst, Google Ventures, and IVP back Anomali.
